Bugtraq mailing list archives
Re: Digital Unix 4 protected password database.
From: twp () ROOTSWEB COM (Tim Pierce)
Date: Fri, 12 Mar 1999 18:44:22 -0500
On Wed, Mar 10, 1999 at 05:44:40PM -0500, der Mouse wrote:
I once posted a better algorithm than this [...]... but it never got adopted, and anyway, MD5 or SHA1 is a much better bet.Years ago, I did an MD5-based crypt(3) for NetBSD. I've been using it ever since. I believe it is significantly better for several reasons. One, of course, is that it's nonstandard and hence not vulnerable to stock crack-alikes...
FreeBSD has used MD5 in its crypt(3) algorithm for several years. I believe it was already there in the 2.0 release around 1994. (It does give you the option, at install time, of using DES instead.) The cryptographic benefits are probably still sound, but I would assume that Crack tools try both MD5 and DES on their dictionaries. There are enough FreeBSD systems using MD5 on the net to make it worth the crackers' while. -- Regards, Tim Pierce RootsWeb Genealogical Data Cooperative system obfuscator and hack-of-all-trades
Current thread:
- Re: Digital Unix 4 protected password database. Darren J Moffat - Enterprise Services OS Product Support Group (Mar 10)
- <Possible follow-ups>
- Re: Digital Unix 4 protected password database. der Mouse (Mar 10)
- New Security Vulnerability in WinNT Alexandre Stervinou (Mar 12)
- Re: Digital Unix 4 protected password database. Tim Pierce (Mar 12)
- Re: Digital Unix 4 protected password database. Nate Lawson (Mar 12)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 15)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 16)